% This file was created with JabRef 2.5.
% Encoding: Cp1252

@inproceedings{willmor05:safe,
 author = {Willmor, David and Embury, Suzanne M.},
 title = {A Safe Regression Test Selection Technique for Database-Driven Applications},
 booktitle = {Proc. 21st IEEE International Conference on Software Maintenance},
 year = {2005},
 pages = {421--430},
 numpages = {10},
} 

@article{bible01:comparative,
 author = {Bible, John and Rothermel, Gregg and Rosenblum, David S.},
 title = {A comparative study of coarse- and fine-grained safe regression test-selection techniques},
 journal = {ACM Trans. Softw. Eng. Methodol.},
 volume = {10},
 issue = {2},
 year = {2001},
 pages = {149--183},
 numpages = {35},
} 

@inproceedings{mouelhi09:tranforming,
	Author = {Mouelhi, Tejeddine and Le Traon, Yves and Baudry, Benoit},
	Booktitle = {Proc. 2nd International Conference on Software Testing, Verification, and Validation (ICST 2009)},
	Title = {Transforming and selecting functional test cases for security policy testing},
	Year = {2009},
}
	
@inproceedings{kalam03:orBac,
 author = {A. {Abou El Kalam} and R. El Baida and P. Balbiani and S. Benferhat and F. Cuppens and Y. Deswarte and A. Mi\`ege and C. Saurel and G. Trouessin},
 title = {{Organization Based Access Control}},
 booktitle = {Proc. 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 203)},
 year = {2003},
 adress = {Como, Italie},
 month = {June},
}

@INPROCEEDINGS{al-shaer:discovery04,
  author = {Ehab Al-Shaer and Hazem Hamed},
  title = {Discovery of policy anomalies in distributed firewalls},
  booktitle = {Proc. 23rd Conf. IEEE Communications Soc. (INFOCOM 2004)},
  year = {2004},
  pages = {2605--2616}
}

@MISC{anderson04:rbacxacml,
  author = {Annie Anderson},
  title = {{XACML} Profile for Role Based Access Control ({RBAC})},
  howpublished = {OASIS Committee Draft 01},
  year = {2004},
  url = {http://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf}
}

@INPROCEEDINGS{backes04algebra,
  author = {Backes, Michael and Duermuth, Markus and Steinwandt, Rainer},
  title = {An Algebra for Composing Enterprise Privacy Policies},
  booktitle = {Proceedings of 9th European Symposium on Research in Computer Security
	(ESORICS)},
  year = {2004},
  volume = {3193},
  series = {Lecture Notes in Computer Science},
  pages = {33-52}
}

@INPROCEEDINGS{bauer09:real,
  author = {Lujo Bauer and Lorrie Cranor and Robert W. Reeder and Michael K.
	Reiter and Kami Vaniea},
  title = {Real life challenges in access-control management},
  booktitle = {Proc. Conference on Human Factors in Computing Systems (CHI)},
  year = {2009},
  pages = {899--908},
  copyright = {ACM},
  url = {http://www.ece.cmu.edu/~lbauer/papers/2009/chi09-management.pdf}
}

@INPROCEEDINGS{birgisson08:enforcing,
  author = {Arnar Birgisson and Mohan Dhawan and \'{U}lfar Erlingsson and Vinod
	Ganapathy and Liviu Iftode},
  title = {Enforcing Authorization Policies using Transactional Memory Introspection},
  booktitle = {Proc. 15th ACM Conference on Computer and Communications Security
	(CCS 2008)},
  year = {2008},
  pages = {223--234}
}

@ARTICLE{Bonatti2,
  author = {Bonatti, Piero and De Capitani di Vimercati, Sabrina and Samarati,
	Pierangela},
  title = {An algebra for composing access control policies},
  journal = {ACM Trans. Inf. Syst. Secur.},
  year = {2002},
  volume = {5},
  pages = {1--35},
  number = {1}
}


@book{Myers:1979:AST:539883,
 author = {Myers, Glenford J.},
 title = {Art of Software Testing},
 year = {1979},
 isbn = {0471043281},
 publisher = {John Wiley \& Sons, Inc.},
 address = {New York, NY, USA},
} 


@article{rothermel97:safe,
 author = {Rothermel, Gregg and Harrold, Mary Jean},
 title = {A safe, efficient regression test selection technique},
 journal = {ACM Trans. Softw. Eng. Methodol.},
 issue_date = {April 1997},
 volume = {6},
 number = {2},
 month = apr,
 year = {1997},
 } 


@article{Rothermel:1996:ART:235681.235682,
 author = {Rothermel, Gregg and Harrold, Mary Jean},
 title = {Analyzing Regression Test Selection Techniques},
 journal = {IEEE Trans. Softw. Eng.},
 volume = {22},
 issue = {8},
 month = {August},
 year = {1996},
 issn = {0098-5589},
 pages = {529--551},
 numpages = {23},
 url = {http://dx.doi.org/10.1109/32.536955},
 doi = {http://dx.doi.org/10.1109/32.536955},
 acmid = {235682},
 publisher = {IEEE Press},
 address = {Piscataway, NJ, USA},
 keywords = {Software maintenance, regression testing, selective retest, regression test selection.},
} 



@INPROCEEDINGS{cimatti02:nusmv2,
  author = {A. Cimatti and E. Clarke and E. Giunchiglia and F. Giunchiglia and
	M. Pistore and M. Roveri and R. Sebastiani and A. Tacchella},
  title = {{NuSMV Version 2: An OpenSource Tool for Symbolic Model Checking}},
  booktitle = {Proc. International Conference on Computer-Aided Verification (CAV)},
  year = {2002}
}

@INPROCEEDINGS{clark87:comparison,
  author = {Clark, D. D. and Wilson, D. R.},
  title = {A Comparison of Commercial and Military Computer Security Policies},
  booktitle = {Proc. IEEE Symposium on Security and Privacy (S\&P 1987)},
  year = {1987},
  pages = {184-193}
}

@INPROCEEDINGS{damianou01:ponder,
  author = {Nicodemos Damianou and Naranker Dulay and Emil Lupu and Morris Sloman},
  title = {The {Ponder} Policy Specification Language},
  booktitle = {Proc. International Workshop on Policies for Distributed Systems
	and Networks (POLICY 2001)},
  year = {2001},
  pages = {18--38}
}

@MISC{lapadula73:secure,
  author = {November An Electronic and Len Lapadula and The Original and D. Elliott
	Bell and Leonard J. Lapadula},
  title = {Secure Computer Systems: Mathematical Foundations},
  year = {1973},
  institution = {Mitre Corporation},
  number = {ESD-TR-73-278},
  type = {Technical Report}
}

@INPROCEEDINGS{ferraiolo92:role,
  author = {David Ferraiolo and Richard Kuhn},
  title = {Role Based Access Control},
  booktitle = {Proc. 15th National Computer Security Conference (NCSC)},
  year = {1992},
  pages = {554--563}
}

@ARTICLE{ferraiolo01:proposed,
  author = {David F. Ferraiolo and Ravi Sandhu and Serban Gavrila and D. Richard
	Kuhn and Ramaswamy Chandramouli},
  title = {Proposed {NIST} standard for role-based access control},
  journal = {ACM Trans. Inf. Syst. Secur.},
  year = {2001},
  volume = {4},
  pages = {224--274},
  number = {3},
  issn = {1094-9224}
}

@ARTICLE{ferraiolo:rbac,
  author = {David F. Ferraiolo and Ravi S. Sandhu and Serban I. Gavrila and D.
	Richard Kuhn and Ramaswamy Chandramouli},
  title = {Proposed {NIST} standard for role-based access control},
  journal = {ACM Transactions on Information and System Security},
  year = {2001},
  volume = {4},
  pages = {224-274},
  number = {3}
}

@ARTICLE{findler02:drscheme,
  author = {Robert Bruce Findler and John Clements and Cormac Flanagan, Matthew
	Flatt and Shriram Krishnamurthi and Paul Steckler and Matthias Felleisen},
  title = {{DrScheme: A Progamming Environment for Scheme}},
  journal = {Journal of Functional Programming},
  year = {2002},
  volume = {12},
  pages = {159--182},
  url = {citeseer.ist.psu.edu/findler01drscheme.html}
}

@INPROCEEDINGS{fisler05:verification,
  author = {Kathi Fisler and Shriram Krishnamurthi and Leo A. Meyerovich and
	Michael Carl Tschantz},
  title = {Verification and change-impact analysis of access-control policies},
  booktitle = {Proc. 27th International Conference on Software Engineering (ICSE
	)},
  year = {2005},
  pages = {196--205},
  location = {St. Louis, MO}
}

@INPROCEEDINGS{garzoglio09:svopme,
  author = {Garzoglio, Gabriele and Wang, Nanbor and Sfiligoi Igor and Levshina,
	Tanya and Ananthan, Balamurali },
  title = {SVOPME: A Scalable Virtual Organization Privileges Management Environment},
  booktitle = {Proc. Computing in High Energy Physics and Nuclear Physics},
  year = {2009}
}

@INPROCEEDINGS{grindal07:combinatios,
  author = {Mats Grindal and Jeff Offutt},
  title = {Input parameter modeling for combination strategies},
  booktitle = {Proc. 25th conference on IASTED International Multi-Conference (SE
	2007)},
  year = {2007},
  pages = {255--260}
}

@ARTICLE{hu10:model,
  author = {Vincent Hu and Richard Kuhn and Tao Xie and JeeHyun Hwang},
  title = {Model Checking for Verification of Mandatory Access Control Models
	and Properties},
  journal = {To Appear International Journal of Software Engineering and Knowledge
	Engineering},
  year = {2010}
}

@INPROCEEDINGS{hu08:property,
  author = {Vincent Hu and Richard Kuhn and Tao Xie.},
  title = {Property Verification for Generic Access Control Models},
  booktitle = {Proc. IEEE/IFIP International Symposium on Trust, Security and Privacy
	for Pervasive Applications (TSP)},
  year = {2008},
  pages = {243--250}
}

@INPROCEEDINGS{hu07:conformance,
  author = {Vincent C. Hu and Evan Martin and JeeHyun Hwang and Tao Xie},
  title = {Conformance Checking of Access Control Policies Specified in {XACML}},
  booktitle = {Proc. 1st IEEE International Workshop on Security in Software Engineering
	(IWSSE)},
  year = {2007},
  url = {http://www.csc.ncsu.edu/faculty/xie/publications/iwsse07.pdf}
}

@TECHREPORT{hughes04:automated,
  author = {Graham Hughes and Tevfik Bultan},
  title = {Automated Verification of Access Control Policies},
  institution = {Department of Computer Science, University of California, Santa Barbara},
  year = {2004},
  type = {Technical Report},
  number = {2004-22}
}

@INPROCEEDINGS{jackson01:micromodularity,
  author = {Daniel Jackson and Ilya Shlyakhter and Manu Sridharan},
  title = {A micromodularity mechanism},
  booktitle = {Proc. joint meeting of the European Software Engineering Conference
	and the ACM SIGSOFT Symposium on the Foundations of Software Engineering
	(ESEC/FSE)},
  year = {2001},
  pages = {62--73}
}

@INPROCEEDINGS{kikuchi07:policy,
  author = {Kikuchi, Shinji and Tsuchiya, Satoshi and Adachi, Motomitsu and Katsuyama,
	Tsuneo},
  title = {Policy Verification and Validation Framework Based on Model Checking
	Approach},
  booktitle = {Proc. the Fourth International Conference on Autonomic Computing
	(ICAC 2007)},
  year = {2007},
  pages = {1}
}

@INPROCEEDINGS{kolaczek03:specification,
  author = {Grzegorz Kolaczek},
  title = {Specification and Verification of Constraints in Role Based Access
	Control for Enterprise Security System},
  booktitle = {Proc. 12th International Workshop on Enabling Technologies (WETICE
	)},
  year = {2003},
  pages = {190}
}

@INPROCEEDINGS{kolovski07:analyzing,
  author = {Vladimir Kolovski and James Hendler and Bijan Parsia},
  title = {Analyzing Web Access Control Policies},
  booktitle = {Proc. 16th International Conference on World Wide Web (WWW)},
  year = {2007},
  pages = {677--686}
}

@ARTICLE{kuhn08:practical,
  author = {Rick Kuhn and Yu Lei and Raghu Kacker and Raghu Kacker},
  title = {Practical Combinatorial Testing: Beyond Pairwise},
  journal = {IT Professional},
  year = {2008},
  volume = {10},
  pages = {19--23},
  number = {3}
}

@ARTICLE{lei07:ipog,
  author = {Yu Lei and Raghu Kacker and D. Richard Kuhn and Vadim Okun and James
	Lawrence},
  title = {IPOG: A General Strategy for T-Way Software Testing},
  journal = {Proc. the 8th IEEE Engineering of Computer-Based Systems conference
	(ECBS)},
  year = {2007},
  volume = {0},
  pages = {549-556},
  isbn = {0-7695-2772-8}
}

@INPROCEEDINGS{Ninghui2009,
  author = {Li, Ninghui and Wang, Qihua and Qardaji, Wahbeh and Bertino, Elisa
	and Rao, Prathima and Lobo, Jorge and Lin, Dan},
  title = {Access control policy combining: theory meets practice},
  booktitle = {Proc 4th ACM symposium on Access control models and technologies
	(SACMAT)},
  year = {2009},
  pages = {135--144}
}

@INPROCEEDINGS{dan07:policysimilarity,
  author = {Lin, Dan and Rao, Prathima and Bertino, Elisa and Lobo, Jorge},
  title = {An approach to evaluate policy similarity},
  booktitle = {Proc. 12th ACM symposium on Access control models and technologies},
  year = {2007},
  pages = {1--10}
}

@INPROCEEDINGS{liu08:xengine,
  author = {Alex X. Liu and Fei Chen and JeeHyun Hwang and Tao Xie},
  title = {XEngine: A Fast and Scalable {XACML} Policy Evaluation Engine},
  booktitle = {Proc. International Conference on Measurement and Modeling of Computer
	Systems (SIGMETRICS)},
  year = {2008},
  pages = {265--276}
}

@INPROCEEDINGS{lorch03:xacml,
  author = {M. Lorch and D.G. Kafura and S. Shah},
  title = {An {XACML}-based Policy Management and Authorization Service for
	{Globus} Resources},
  booktitle = {Proc. International Workshop on Grid Computing (GRID)},
  year = {2003},
  pages = {208-212}
}

@INPROCEEDINGS{martin08:assessing,
  author = {Evan Martin and JeeHyun Hwang and Tao Xie and Vincent Hu},
  title = {Assessing Quality of Policy Properties in Verification of Access
	Control Policies},
  booktitle = {Proc. Annual Computer Security Applications Conference (ACSAC)},
  year = {2008},
  pages = {163--172},
  url = {http://www.csc.ncsu.edu/faculty/xie/publications/acsac08-verif.pdf}
}

@INPROCEEDINGS{martin07:automated,
  author = {Evan Martin and Tao Xie},
  title = {Automated Test Generation for Access Control Policies via Change-Impact
	Analysis},
  booktitle = {Proc. 3rd International Workshop on Software Engineering for Secure
	Systems (SESS)},
  year = {2007},
  pages = {5--11},
  url = {http://www.csc.ncsu.edu/faculty/xie/publications/sess07.pdf}
}

@INPROCEEDINGS{martin07:fault,
  author = {Evan Martin and Tao Xie},
  title = {A Fault Model and Mutation Testing of Access Control Policies},
  booktitle = {Proc. 16th International Conference on World Wide Web (WWW)},
  year = {2007},
  pages = {667--676},
  url = {http://www.csc.ncsu.edu/faculty/xie/publications/www07.pdf}
}

@INPROCEEDINGS{martin06:defining,
  author = {Evan Martin and Tao Xie and Ting Yu},
  title = {Defining and Measuring Policy Coverage in Testing Access Control
	Policies},
  booktitle = {Proc. 8th International Conference on Information and Communications
	Security (ICICS)},
  year = {2006},
  pages = {139--158},
  month = December,
  url = {http://www.csc.ncsu.edu/faculty/xie/publications/icics06.pdf}
}

@INPROCEEDINGS{Mazzoleni2006,
  author = {Mazzoleni, P. and Bertino, E. and Crispo, B. and Sivasubramanian,
	S.},
  title = {XACML policy integration algorithms: not to be confused with XACML
	policy combination algorithms!},
  booktitle = {Proc 11th ACM symposium on Access control models and technologies
	(SACMAT)},
  year = {2006},
  pages = {219--227}
}

@INPROCEEDINGS{molloy08:mining,
  author = {Ian Molloy and Hong Chen and Tiancheng Li and Qihua Wang and Ninghui
	Li and Elisa Bertino and Seraphin Calo and Jorge Lobo},
  title = {Mining roles with semantic meanings},
  booktitle = {Proc of the 13th ACM symposium on Access control models and technologies
	(SACMAT 2008)},
  year = {2008},
  pages = {21--30}
}

@MISC{moses03:xacml,
  author = {T. Moses and A. Anderson and S. Proctor and S. Godik},
  title = {{XACML Profile for Web-Services (WSPL)}},
  howpublished = {OASIS Working Draft},
  year = {2003},
  url = {http://www.oasis-open.org/committees/download.php/3661/draft-xacml-wspl-04.pdf}
}

@INPROCEEDINGS{reeder08:grids,
  author = {Robert W. Reeder and Lujo Bauer and Lorrie Cranor and Michael K.
	Reiter and Kelli Bacon and Keisha How and Heather Strong},
  title = {Expandable grids for visualizing and authoring computer security
	policies},
  booktitle = {Proc. conference on Human Factors in Computing Systems},
  year = {2008},
  pages = {1473--1482}
}

@INPROCEEDINGS{schaad02:lightweight,
  author = {Andreas Schaad and Jonathan D. Moffett},
  title = {A Lightweight Approach to Specification and Analysis of Role-based
	Access Control Extensions},
  booktitle = {Proc. 7th ACM Symposium on Access Control Models and Technologies
	(SACMAT)},
  year = {2002},
  pages = {13--22}
}

@INPROCEEDINGS{stoller07:efficient,
  author = {Scott D. Stoller and Ping Yang and C.R. Ramakrishnan and Mikhail
	I. Gofman},
  title = {Efficient Policy Analysis for Administrative Role Based Access Control},
  booktitle = {Proc. 14th ACM Conference on Computer and Communications Security
	(CCS 2007)},
  year = {2007},
  pages = {445--455}
}

@INPROCEEDINGS{wang04:alogic-based,
  author = {Lingyu Wang and Duminda Wijesekera and Sushil Jajodia},
  title = {A logic-based framework for attribute based access control},
  booktitle = {Proc. 2nd ACM Workshop on Formal Methods in Security Engineering
	(FMSE)},
  year = {2004},
  pages = {45--55},
  publisher = ACM # Press
}

@INPROCEEDINGS{wille09:concept,
  author = {Wille, Rudolf},
  title = {RESTRUCTURING LATTICE THEORY: AN APPROACH BASED ON HIERARCHIES OF
	CONCEPTS},
  booktitle = {Proc. of the 7th International Conference on Formal Concept Analysis},
  year = {2009},
  pages = {314--339}
}

@INPROCEEDINGS{xu08:visualization,
  author = {Xu, Wenjuan and Shehab, Mohamed and Ahn, Gail-Joon},
  title = {Visualization based policy analysis: case study in SELinux},
  booktitle = {Proc. 13th ACM symposium on Access control models and technologies},
  year = {2008},
  pages = {165--174}
}

@INPROCEEDINGS{yuan2006:FIREMAN,
  author = {Lihua Yuan and Jianning Mai and Zhendong Su and Hao Chen and Chen-Nee
	Chuah and Prasant Mohapatra},
  title = {{FIREMAN}: A Toolkit for {FIREwall} {Modeling} and {ANalysis}},
  booktitle = {Proc. 2006 IEEE Symposium on Security and Privacy (S\&P 2006)},
  year = {2006},
  pages = {199--213}
}

@INPROCEEDINGS{zhang05:evaluating,
  author = {Nan Zhang and Mark Ryan and Dimitar P. Guelev},
  title = {Evaluating Access Control Policies Through Model Checking},
  booktitle = {Proc. 8th Information Security Conference (ISC)},
  year = {2005},
  pages = {446-460}
}

@INPROCEEDINGS{zhang04:synthesis,
  author = {Nan Zhang and Mark Ryan and Dimitar P. Guelev},
  title = {Synthesising verified access control systems in {XACML}},
  booktitle = {Proc. 2004 ACM Workshop on Formal Methods in Security Engineering
	(FMSE)},
  year = {2004},
  pages = {56--65}
}

@MISC{net05:xacml,
  title = {{XACML.NET}},
  howpublished = {\url{http://mvpos.sourceforge.net/}},
  year = {2005}
}

@MISC{oasis05:xacml,
  title = {{OASIS eXtensible Access Control Markup Language (XACML)}},
  howpublished = {\url{http://www.oasis-open.org/committees/xacml/}},
  year = {2005}
}


@inproceedings{Margrave,
  author    = {Kathi Fisler and
               Shriram Krishnamurthi and
               Leo A. Meyerovich and
               Michael Carl Tschantz},
  title     = {Verification and change-impact analysis of access-control
               policies},
  booktitle = {ICSE},
  year      = {2005},
  pages     = {196-205},
}

@MISC{sun05:xacml,
  title = {{Sun's XACML implementation}},
  howpublished = {\url{http://sunxacml.sourceforge.net/}},
  year = {2005}
}

